MesaLock Linux Documentation

MesaLock Linux is a general purpose Linux distribution which aims to provide a
safe and secure user space environment. To eliminate high-severity
vulnerabilities caused by memory corruption, all user space applications are
rewritten in memory-safe programming languages like Rust and Go.

This greatly reduces the attack surface of an operating system exposed in the
wild, leaving the remaining attack surface auditable and restricted.
Therefore, MesaLock Linux can substantially improve the security of the Linux
ecosystem. Additionally, thanks to the Linux kernel, MesaLock Linux supports a
broad hardware environment, making it deployable in many places.

Two main usage scenarios of MesaLock Linux are containers and security-sensitive
embedded devices. With the growth of the ecosystem, MesaLock Linux would also be
adopted in the server/cloud environment.

Fatal bugs introduced by non-memory-safe languages (C/C++/etc.) are one of the
oldest yet most persistent problems in computer security. By using memory-safe
programming languages like Rust and Go, developers can obtain guarantees of
type soundness, memory safety, and thread safety. We believe that using
memory-safe programming languages will eliminate memory issues and provide a
safe and secure environment. Therefore, we decided to focus on providing a
memory-safe Linux distribution.

Currently, MesaLock Linux is provided in two versions: live ISO and rootfs. The
live ISO image can be used to create a bootable live USB, or boot in a virtual
machine. The rootfs (i.e., root file system) can be used as a minimal root
image for a container.

We provide a Dockerfile for building MesaLock Linux with all dependencies
installed. Build the Docker image first; then, inside the build container,
you can build packages, the live ISO, and the rootfs.

The mesalock-demo package provides several examples and will be installed
under the /root/mesalock-demo directory. For instance, we made several web
server demos written in Rocket, which is a web framework written in Rust. To
try these demos in the VM, please follow these instructions.

In the VM settings, select "NAT" for the network adapter and use the port
forwarding function in the advanced settings to bind the host and guest
machines. Here we add a new rule to bind host IP (127.0.0.1:8080) to
guest IP (10.0.2.15:8000).

Rusty-machine is a general purpose machine learning library implemented
entirely in Rust. We put several demo examples of machine learning tasks in the
mesalock-demo package. You can find them in the
/root/mesalock-demo/rusty-machine/ directory.

We are very open to the open source community. If you are interested in the
MesaLock Linux project, please find us on the #mesalock-linux or
#mesalock-linux-cn (in Chinese) IRC channels on the freenode server and the
bridged room on Matrix. If you're not familiar with IRC, we recommend chatting
through Matrix via Riot or via the Kiwi web IRC client.

MesaLock Linux is very young and at an early stage. Some important components
are still missing or work-in-progress. Building a safe and secure Linux distro
relies on the whole community, and you are very welcome to contribute to the
MesaLock Linux project.